Re: 2 SSH questions: why does it pause so much, and, can I keep connection alive?
From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 04/02/04
- Previous message: Michael Levin: "Anyone have executable for OpenSSH 3.8 for Mac OS X?"
- In reply to: Michael Levin: "Re: 2 SSH questions: why does it pause so much, and, can I keep connection alive?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 2 Apr 2004 02:24:40 +0000 (UTC)
In article <BC923040.136CE%mlevin77@comcast.net>,
Michael Levin <mlevin77@comcast.net> wrote:
[...]
>I believe the server is behind a firewall. Iım sorry Iım not up on the
>details here. Whatıs this state-table timeout? Iım assuming it can cause
>these pauses; if so, is there anything that can be done to help the
>situation? Maybe I can talk to the sysadmin there, if I knew what I was
>asking him to do...
The exact details are usually product-specific, but the basics are:
Stateful-inspection type firewalls keep track of connections running
through them in a "state table". When a packet arrives, its source IP,
destination IP, source port and destination port are checked against the
state table, and if it matches the packet is let through. If the packet
is not in the state table, the rulebase is checked and if it's permitted,
then the connection is added to the state table. When the connection
closes, it is removed from the state table.
The catch here is in some cases, (eg crashing clients, or half-open
port scans) the connection is never closed, and the table risks growing
without limit. To combat this, a timeout is enforced where any connection
that has not seen a packet within X seconds is aged out of the table.
Some systems have a mechanism whereby an active connection can be put
back in the state table (again, this is product-specific).
[...]
> Iım running OpenSSH 3.6.1 on Mac OSX. I scoured the OpenSSH website, and
>while they say the 3.8 is out, I donıt see a TAR archive for 3.8 anywhere,
>and I donıt see an OSX executable anywhere either. Do you by any chance know
>where I can get 3.8 (hopefully executable for OS X, or if not, something
>which will compile on OSX)? Currently, thereıs no file name ssh_config on my
>system. Is this a 3.8-specific thing, or should there be one somewhere for
>3.6 as well?
All versions of OpenSSH will read an ssh_config file. (There are sensible
defaults, so it can survive without it).
As for downloads:
http://www.openssh.com/portable.html#mirrors
You want "openssh-3.8p1.tar.gz". The OpenSSH team don't offer binaries
for OS X.
> I tried this; when I first started SSH, it spit out a bunch of stuff
>before it logged in. Then I logged in, and no special messages appeared at
>all (it did the freeze thing once) - all I saw was what the server system
>was saying (I worked in the shell, used Emacs, etc.). Then I logged out, and
>it said a bunch of stuff as it exited. How does the vvv work if there was
>a problem during the session, would it superimpose its messages on the text
>coming from the server?
Yes, if there was something odd coming from the server (eg a rekey request)
then it would have appeared in a "debug" message.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
- Previous message: Michael Levin: "Anyone have executable for OpenSSH 3.8 for Mac OS X?"
- In reply to: Michael Levin: "Re: 2 SSH questions: why does it pause so much, and, can I keep connection alive?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
